[Mod-security-developers] [JIRA] Resolved: (MODSEC-388) Nginx Modsec 2.7.3 regular expression probl

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

     [ https://www.modsecurity.org/tracker/browse/MODSEC-388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-388.
--------------------------------------

    Fix Version/s: 2.7.4
       Resolution: Fixed

> Nginx Modsec 2.7.3 regular expression problem
> ---------------------------------------------
>
>                 Key: MODSEC-388
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-388
>             Project: ModSecurity
>          Issue Type: Bug
>      Security Level: Normal
>          Components: Rules
>    Affects Versions: 2.7.3
>         Environment: Nginx 1.2.6, CentOS 6.4 64-bits
>            Reporter: Hung Le
>            Assignee: Breno Silva Pinto
>             Fix For: 2.7.4
>
>
> Nginx Modsec 2.7.3 compiled on CentOS 6.4 64-bit seems to have problem with regular expression:
> The following rule return "404" instead of "403"
> SecRule REQUEST_URI "(^/admin)" \
>   "id:'10', \
>   t:none, \
>   phase:1, \
>   log, \
>   deny, \
>   status:403"
> The following rule works just fine:
> SecRule REQUEST_URI "admin" \
>   "id:'10', \
>   t:none, \
>   phase:1, \
>   log, \
>   deny, \
>   status:403"
> I did not have this problem with ModSec 2.7.2.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Mod-security-developers] [JIRA] Resolved: (MODSEC-388) Nginx Modsec 2.7.3 regular expression probl

[Mod-security-developers] [JIRA] Resolved: (MODSEC-388) Nginx Modsec 2.7.3 regular expression problem